Thursday, January 13, 2005

Gmail Bug Exposes E-mails to Hackers

Gmail Bug Exposes E-mails to Hackers:
“UNIX developers HBX Networks have stumbled upon a bug within Google's Gmail that allows access to other users' personal e-mails.

By altering the "From" address field of an e-mail sent to the service, hackers could potentially find out a user's personal information, including passwords.

At first glance, to the average user the e-mail would appear normal. But by clicking "show options" within the Gmail interface, the "Reply-To" field will show HTML code that is actually a formatted version of another user's e-mail, HBX wrote on its Web site.

HBX said that they think a missing character is tripping up Gmail and causing it to print whatever is in its cache, or memory, into the Reply-To field.

The group did say much of what they saw was spam. However, what troubled them was in at least one case they were able to see a user's password.

Quick to respond, Google acknowledged the problem late Wednesday and has since corrected the problem for all users, a company source said.

“Regardless of the specific failure, the result is a compromise of the privacy of communications over Gmail,” the organization said. “Usually, this only permits an attacker to examine recently-arrived spam in random users' inboxes - but message content does occasionally become more interesting.””


http://www.betanews.com/article/Gmail_Bug_Exposes_Emails_to_Hackers/1105561408

http://www.eweek.com/article2/0,1759,1750785,00.asp?kc=ewnws011305dtx1k0000599
